openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

A flaw was found in OpenSSL. When processing a specially crafted PKCS7 or S/MIME Secure/Multipurpose Internet Mail Extensions signed message, a heap use-after-free vulnerability in the PKCS7verify function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an emp...

RHEL 8 : openssl (RHSA-2026:26275)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26275 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

Security update for openssl-3

This update for openssl-3 fixes the following issues CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing...

Heap Use-After-Free in the PKCS7_verify() Function

...

Important: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing CVE-2026-73...

CVE-2026-45447 Heap Use-After-Free in the PKCS7_verify() Function

Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...

UBUNTU-CVE-2026-45447

Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...

Important: amazon-efs-utils

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the PKCS7VerifySignedData process. An attacker can cause the application to read memory outside the bounds of a heap buffer by submitting a specially crafted PKCS7 message. Remediation Upgrade wolfssl to version...

GHSA-HFPC-8R3F-GW53 AWS-LC has PKCS7_verify Signature Validation Bypass

Summary AWS-LC is an open-source, general-purpose cryptographic library. Impact Improper signature validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need...

CVE-2026-3336

Improper certificate validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should...

CVE-2026-3338

The vulnerability CVE-2026-3338 arises from improper signature validation in PKCS7_verify() within the AWS-LC library, allowing an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Affected component: AWS-LC. Root cause: flawed sign...

MiracleLinux 9 : gnutls-3.7.6-12.el9, nettle-3.8-3.el9 (AXSA:2022-4094:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4094:01 advisory. gnutls: Double free during gnutlspkcs7verify. CVE-2022-2509 Tenable has extracted the preceding description block directly from the MiracleLinux security...

CVE-2023-24011

CVE-2023-24011 is a DDS ecosystem vulnerability arising from non-compliant permission document verification and improper use of OpenSSL PKCS7_verify to validate S/MIME signatures. Attackers could craft malicious DDS Participants or ROS 2 Nodes with valid certificates to gain full control of a sec...

CVE-2023-24010 Data Distribution Service (DDS) Chain of Trust (CoT) violation in Fast DDS

An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...

CLSA-2023-1685536317 gnutls: Fix of CVE-2022-2509

CVE-2022-2509: Fix double free during gnutlspkcs7verify...

CLSA-2023-1685536090 gnutls: Fix of CVE-2022-2509

CVE-2022-2509: Fix double free during gnutlspkcs7verify...

GnuTLS 资源管理错误漏洞

GnuTLS is a free secure communication library for implementing SSL, TLS and DTLS protocols. A resource management error vulnerability exists in GnuTLS that stems from a double release during gnutlspkcs7verify...